I started to do some baby steps in formalizing a “mini candid” in Coq, starting with the rules that seem safe.
But adding the “specialize to constituent type” rule is causing problems:
If the rule is
not (null <: t2) t1 <: t2
--------------------------------
t1 <: opt t2
as it is now, then this is not transitive. We have int <: opt int (by this rule), opt int <: opt opt int (by the normal rule), but not int <: opt opt int (because of the not (null <: t2) restriction).
This restriction was added in #135, upon my suggestion. Without that restriction, we have the problems described in #135, i.e. bad interaction with the “catch decoding rule”, and the problem that
t1 <: t2
------------------
t1 <: opt t2
doesn't make progress if t2 = opt t2.
Or, to respond to @rossberg says in #135 (comment)
Interesting suggestion. I suppose options of options are not something you would see often in an interface, so limiting their evolution might be okay. How confident can we be that this has no problems?
I wish we had spare cycles to mechanise this, and prevent further holes.
I am no longer confident that this has no problems.
One way to maybe! taper over the problem is to restrict the other rule as well:
not (null <: t2) t1 <: t2
--------------------------------
opt t1 <: opt t2
so that you can’t go from opt int to opt opt int… but that essentially disallows evolution under opt opt and might be better served by disallowing opt opt… probably not nice. Or maybe this rule:
(null <: t1) iff (null <: 2) t1 <: t2
---------------------------------------
opt t1 <: opt t2
which rules out opt int <: opt opt int without ruling out opt nat <: opt int nor opt opt nat <: opt opt int ?
I started to do some baby steps in formalizing a “mini candid” in Coq, starting with the rules that seem safe.
But adding the “specialize to constituent type” rule is causing problems:
If the rule is
as it is now, then this is not transitive. We have
int <: opt int(by this rule),opt int <: opt opt int(by the normal rule), but notint <: opt opt int(because of thenot (null <: t2)restriction).This restriction was added in #135, upon my suggestion. Without that restriction, we have the problems described in #135, i.e. bad interaction with the “catch decoding rule”, and the problem that
doesn't make progress if
t2 = opt t2.Or, to respond to @rossberg says in #135 (comment)
I am no longer confident that this has no problems.
One way to maybe! taper over the problem is to restrict the other rule as well:
so that you can’t go from
opt inttoopt opt int… but that essentially disallows evolution underopt optand might be better served by disallowingopt opt… probably not nice. Or maybe this rule:which rules out
opt int <: opt opt intwithout ruling outopt nat <: opt intnoropt opt nat <: opt opt int?